Re: [users@httpd] Setting up Apache 2.4 with Letsencrypt

2018-02-13 Thread Marat Khalili 

But I just get a failed to load error and I don't see anything helpful in the 
logs.

I tried removing the links in the apache24 folder and copying the .pem files 
(privkey.pem to ssl.key), but still get an unable to establish secure 
connection error.


You did not post exact errors, but just in case the following works here:


    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    SSLUseStapling On


--

With Best Regards,
Marat Khalili


-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

[users@httpd] Setting up Apache 2.4 with Letsencrypt

2018-02-12 Thread @lbutlr 
I have dehydrate properly renewing certs from Let's Encrypt (which I am using 
successfully for mail authentication) and I ma trying to get them working for 
Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in 
/usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/mod_ssl.so

Include etc/apache24/extra/httpd-ssl.conf

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


 /etc/httpd/extra//httpd-ssl.conf:
Listen 443
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout  300


  DocumentRoot "/usr/local/www/roundcube"
  ServerName www.covisp.net:443
  ServerAdmin ad...@covisp.net
  ErrorLog "/var/log/httpd-error.log"
  TransferLog "/var/log/httpd-access.log"
  SSLEngine on
  SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
  SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
  
SSLOptions +StdEnvVars
  
  
SSLOptions +StdEnvVars
  
  CustomLog "/var/log/httpd-ssl_request.log" \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


 # apachectl -S shows at the end:
*:443  is a NameVirtualHost
 default server www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
 port 443 namevhost www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
 alias covisp.net
 alias mail.covisp.net
 alias webmail.covisp.net
 port 443 namevhost www.covisp.net 
(/usr/local/etc/apache24/extra/httpd-ssl.conf:83)

But I just get a failed to load error and I don't see anything helpful in the 
logs.

I tried removing the links in the apache24 folder and copying the .pem files 
(privkey.pem to ssl.key), but still get an unable to establish secure 
connection error.



-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org